How to Setup VPN Server on Centos

Published on January 2017

HOW TO SETUP VPN SERVER ON CENTOS
The first thing you have to do is check whether tun/tap is active by typing

    # cat /dev/net/tun

Code:

    cat: /dev/net/tun: File descriptor in bad state

Take a look at the status above: "File descriptor in bad state" means tun/tap is active; otherwise, please ask your provider to activate it.

Install required modules

    # yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Install OpenVPN on the server

    # wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
    # wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

It is better to run an update before continuing to the next step

    # yum update

After updating, build the files into RPMs

    # rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

If you use 64-bit

    # rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm

If you use 32-bit

    # rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

Build the OpenVPN RPM

    # rpmbuild -tb openvpn-2.0.9.tar.gz

If you use 64-bit

    # rpm -Uvh /usr/src/redhat/RPMS/x86_64/openvpn-2.0.9-1.x86_64.rpm

If you use 32-bit

    # rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

Copy the configuration files to the folder /etc/openvpn

    # cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
    # cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

To build the certificates, go to the directory /etc/openvpn/easy-rsa/2.0

    # cd /etc/openvpn/easy-rsa/2.0
    # source ./vars
    # ./vars
    # ./clean-all
    # ./build-ca

These will come up:

    Generating a 1024 bit RSA private key
    ………………………++++++
    …………………….++++++
    writing new private key to ‘ca.key’

etc… Just press Enter at each prompt; the only field you have to fill in is "Common Name".

Now it is time to make the server key

    # ./build-key-server server

Make the Diffie-Hellman parameters

    # ./build-dh

Copy the newly built certificates to /etc/openvpn/keys

    # cp /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys -R

Now create the UDP port 1194 configuration for OpenVPN; use any text editor you like

    # nano /etc/openvpn/1194.conf

Code:

    local 123.123.123.123 #- your_server_ip
    port 1194 #- port
    proto udp #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
    client-cert-not-required
    username-as-common-name
    server 1.2.3.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 4.2.2.1"
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    status 1194.log
    verb 3

Before you save the configuration, make sure that the "plugin /usr/share/.. /pam.d/login" entry is on one line.

Start OpenVPN with 1194.conf

    # openvpn /etc/openvpn/1194.conf &

Here's the status if OpenVPN started successfully

Code:

    Mon Feb 21 02:23:20 2011 UDPv4 link remote: [undef]
    Mon Feb 21 02:23:20 2011 MULTI: multi_init called, r=256 v=256
    Mon Feb 21 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
    Mon Feb 21 02:23:20 2011 Initialization Sequence Completed

Make OpenVPN with 1194.conf run in the background

    # bg

Enable IPv4 forwarding

    # echo 1 > /proc/sys/net/ipv4/ip_forward

Add the iptables NAT rule

    # iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

* 1.2.3.0 is the IP range allocated to OpenVPN clients
* 123.123.123.123 is your server IP

Now create a username and password for authorization

    # useradd username -s /bin/false
    # passwd username

Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory; you can use an SFTP client.

Download and install the OpenVPN client for Windows; download the latest stable release, OpenVPN version 2.1.4, from here.

After you have finished installing OpenVPN, move ca.crt (the file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to the OpenVPN config folder in your Program Files (\Program Files\OpenVPN\config\).

Also create a client configuration file in the OpenVPN config directory. Here's the example:

Code:

    client
    dev tun
    proto udp #- protocol
    remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
    resolv-retry infinite
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ca ca.crt
    auth-user-pass
    comp-lzo
    verb 3

Save it as anyname.ovpn or 1194.ovpn
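
An added example, not part of the original tutorial: a shell function that checks a server configuration such as the 1194.conf above for the settings that weaken it (password-only client login, 1024-bit DH parameters, tunnel compression, no tls-auth key, no privilege drop). The function names and the sample file are constructed for illustration, and the DH size is read from the easy-rsa file name rather than from the file itself.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky directives in an
# OpenVPN server config such as the 1194.conf shown above.

# has DIRECTIVE FILE: succeed if the directive appears outside a comment.
has() { sed 's/[#;].*//' "$2" | awk -v d="$1" '$1 == d { f = 1 } END { exit !f }'; }
# arg DIRECTIVE FILE: print the first argument of the directive.
arg() { sed 's/[#;].*//' "$2" | awk -v d="$1" '$1 == d { print $2; exit }'; }

# audit_openvpn_conf FILE: print one WARN line per finding; return 1 if any.
audit_openvpn_conf() {
    conf=$1; rc=0
    warn() { echo "WARN: $*"; rc=1; }
    if has client-cert-not-required "$conf"; then
        warn "client-cert-not-required: a password is the only client credential"
    fi
    # Assumption: easy-rsa 2.0 naming, where the file is called dh<bits>.pem.
    bits=$(basename "$(arg dh "$conf")" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        warn "dh: ${bits}-bit Diffie-Hellman parameters, use 2048 or more"
    fi
    if has comp-lzo "$conf"; then
        warn "comp-lzo: compression inside the tunnel can leak plaintext (VORACLE)"
    fi
    if ! has tls-auth "$conf" && ! has tls-crypt "$conf"; then
        warn "no tls-auth/tls-crypt: no HMAC check on control-channel packets"
    fi
    if ! has user "$conf" || ! has group "$conf"; then
        warn "no user/group: the daemon keeps root privileges after start-up"
    fi
    return $rc
}

# Constructed sample: the security-relevant lines of the page's 1194.conf.
sample_conf() {
    cat <<'EOF'
port 1194 #- port
proto udp #- protocol
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_openvpn_conf "$tmp" || echo "findings reported for $tmp"
rm -f "$tmp"
```

Run it against the real file with audit_openvpn_conf /etc/openvpn/1194.conf; a non-zero return status means at least one finding was printed.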
